Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Running Untrusted Code in Node
Search
Dave Wasmer
February 25, 2014
Technology
0
320
Running Untrusted Code in Node
Running untrusted code in Node in a safe mode while handling the lode.
Dave Wasmer
February 25, 2014
Tweet
Share
More Decks by Dave Wasmer
See All by Dave Wasmer
The Future is Now: Ember in 2018
davewasmer
0
95
UX Mental Models
davewasmer
4
480
Enterprise and Mobile Web
davewasmer
0
78
Kinvey @ PhoneGap Day US
davewasmer
1
160
Other Decks in Technology
See All in Technology
サービスを止めるな! DDoS攻撃へのスマートな備えと最前線の事例
coconala_engineer
1
180
CDK Vibe Coding Fes
tomoki10
1
630
CDK Toolkit Libraryにおけるテストの考え方
smt7174
1
550
アクセスピークを制するオートスケール再設計: 障害を乗り越えKEDAで実現したリソース管理の最適化
myamashii
1
660
【あのMCPって、どんな処理してるの?】 AWS CDKでの開発で便利なAWS MCP Servers特集
yoshimi0227
6
950
サイバーエージェントグループのSRE10年の歩みとAI時代の生存戦略
shotatsuge
4
1k
ClaudeCodeにキレない技術
gtnao
1
860
“日本一のM&A企業”を支える、少人数SREの効率化戦略 / SRE NEXT 2025
genda
1
270
IPA&AWSダブル全冠が明かす、人生を変えた勉強法のすべて
iwamot
PRO
2
230
AI時代にも変わらぬ価値を発揮したい: インフラ・クラウドを切り口にユーザー価値と非機能要件に向き合ってエンジニアとしての地力を培う
netmarkjp
0
130
ポストコロナ時代の SaaS におけるコスト削減の意義
izzii
1
470
Figma Dev Mode MCP Serverを用いたUI開発
zoothezoo
0
230
Featured
See All Featured
Building an army of robots
kneath
306
45k
Six Lessons from altMBA
skipperchong
28
3.9k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
830
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Speed Design
sergeychernyshev
32
1k
Building a Modern Day E-commerce SEO Strategy
aleyda
42
7.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
331
22k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
3.1k
Gamification - CAS2011
davidbonilla
81
5.4k
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Transcript
Running untrusted code in Node in a safe mode while
handling the lode
lode?
Dave Wasmer @davewasmer Developer @ Kinvey yep, this slide …
Kinvey Backend as a service … and this one.
What goes into backend as a service?
None
Lots o’ stuff • Data storage • User management •
Twitter, Facebook, G+, LinkedIn • OAuth, LDAP, Active Directory • File storage • don’t forget CDN delivery • Push notifications • Emails • 3rd Party API Integration • Analytics • a whole lot more ..
What if CRUD ain’t enough?
enter: Business Logic!
Run your code on our servers
Custom JavaScript execution?!
eval(customerCode); // Genius, mirite? NO!
The Problem We needed a safe, scalable way to run
arbitrary (possibly malicious) JavaScript on our servers.
Safety • Can’t allow access to: • filesystem • shared
memory • Kinvey internals • State is evil!
Scalablity • Needs to scale horizontally • i.e. spin up
new instances on-demand • automatically add to resource pool • Optimize for usage • not running huge computations - short, frequent bursts of activity • 2x per API request is possible!
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability KCS KCS KCS KBL KBL KBL
Redis Work Master Child Child Child Child
Our solution to scalability Work Master Child Child Child Child
Safety Concerns • How to run arbitrary JS code? •
Three issues • System access (filesystem, network, etc) • Application access (application state, data, etc) • Stupidity / DoS (while (true), forgot to signal async completed)
System access • Filesystem • Severely limited or none •
Network • Partially limited
Our solution to system access ! // Setting things up
! try { script = vm.createScript(codeAsStr); } catch (e) { // syntax error! } ! sandbox = generateNewSandbox()
generateNewSandbox = function(){ ! var sandbox = {}; sandbox.complete =
function(){ runNextTask(); }; sandbox.whateverYouWant = function(){ ... } return sandbox; ! } Our solution to system access
! // Running the untrusted script try { script.runInNewContext(sandbox) }
catch (e) { // e will be any immediate (synchronous) // runtime errors } Our solution to system access
Application access • Data • Permissions
Our solution to application access ! // inside generateNewSandbox() !
sandbox.db = { find: function(query, callback) { // do db stuff callback(null, result) // <- Careful! }, ... }
Stupidity / DoS • while (true) {} // single-threaded ftw!
• function onPreSave(req, res, modules) { doSomeAsyncStuff() } // kthxbai • function doSomeAsyncStuff() { setTimeout(function(){ throw new Error() }, 100000); // muhahaha }
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS Work Master Child Child
Child Child
Our solution to stupidity / DoS ! // For handling
callback errors process.on(‘uncaughtException’, function(){ // handle it here });
Wrap-up